Today most of us have moved a significant part of our lives to the digital world. The Internet is the place where we work, communicate, shop, and… get robbed. While having your purse stolen in the street is unpleasant enough, identity theft committed online can have even more severe consequences.
According to the Federal Trade Commission, 3.2 million fraud cases were reported in 2019. Almost 21% of them were identity thefts, which also were the most common type of fraud.
Therefore, it is about time we learn how to prevent identity theft online by getting serious about our security while browsing.
What is identity theft?
Identity theft is a type of fraud where someone steals your personal information and uses it to impersonate you. After stealing your identity, criminals can use it to commit other crimes or receive services in your name – for example, get a mortgage or a student loan.
What these fraudsters usually target is personally identifiable information (PII). While many types of data can be considered PII, these are the most common examples:
- Full name
- Social Security Number (SSN)
- Home address
- Telephone number
- Credit card number
- Medical data
- Driver’s license number
- Biometric data
All the above data is known as linked details. That is to say, by getting this type of data, criminals can identify an individual (almost) immediately.
However, criminals can also use other types of information to commit identity theft. For example, connecting several non-PII details (like your current or former employer, postcode, race, etc.) can tell fraudsters who you are. We call this sort of information linkable details.
There are many ways one can become a victim of identity theft. For starters, you can get your identity stolen both offline and online.
The most common ways of offline identity theft are dumpster diving and shoulder surfing. The former takes place when a thief goes through your discarded items, looking for documents, checks, and any other personal information. The latter occurs when a thief peeks over your shoulder when you’re using an ATM, or filing in sensitive information on your electronic device with digital signature. But that’s not what we’re concerned with today.
How does online identity theft happen?
When it comes to online identity theft, there are more ways for it to occur. Let’s look at the most common ones.
Most likely you have received emails from a seemingly credible person or company, usually asking you to follow a link to provide personal information and restore your password — or something along those lines.
Criminals send these so-called phishing emails to steal your data. Once you click on the links or attached files, you are in danger of becoming a victim of identity theft. For example, you may reveal your credit card or Social Security Number, thinking that you’re giving the data to your bank or another trustworthy institution. Or fraudsters may use malware to get remote access to the device you were using to open an email. After that, they may even use your machine to send more phishing emails, implicating you in the process.
The first thing you should do upon realizing that you’ve opened a phishing link is disconnecting your Internet connection. Doing so will stop the malware from spreading to your device, and the fraudsters won’t be able to control your device remotely.
However, before that happens, it’s best to investigate the email closely to make sure it came from a legitimate source.
Identity theft can also take place through malware. That includes viruses, programs, various networks meant for document sharing.
After you catch this type of virus or open a malicious program, the risk of identity fraud increases. Using malware, criminals can track your Internet usage, and steal your most sensitive information, such as your SSN, login credentials, and more.
Also, once again, the criminals may even get control of your device.
Passwords that are short and easy to guess (or brute-force) can help fraudsters access accounts full of personal data needed to commit identity theft.
Sometimes logging into one account is enough to commit identity fraud. For instance, many people use their Gmail or Facebook to connect to different services. If your email account has a weak password and no two-factor authentication, imagine how many problems fraudsters could cause simply by guessing an insecure password.
Your dog’s name, qwerty, 12345, are among the passwords you should avoid. You should opt for randomly generated passwords with a nice mix of capital and lowercase letters, numbers, and other symbols. Keeping your password written on a piece of paper in your wallet is not the way to go. Use a password manager so you can easily maintain lots of difficult passwords.
Speaking of which, it’s also a bad idea to use the same password everywhere, and here’s why.
The amount of data stored by large companies makes this one of the primary ways to scale identity theft. Data breaches occur when hackers break into databases owned by various companies and leak the information stored, which often includes various PII types and login credentials.
In databases, passwords are usually encrypted, although not necessarily in a secure way. Insecure hashing algorithms (namely, SHA-1, or MD5) are still prevalent. Naturally, insecurely encrypted passwords are more vulnerable.
And here’s why you shouldn’t use the same password on many different accounts: hackers will often use a technique called credential stuffing. Criminals don’t just steal passwords – they also use them in an attempt to access other accounts that a person might have.
There are many ways how hackers can steal your identity. A common one is by public wifi in your local coffee shop or a hotel you’re staying at.
Hackers may set up a bogus wifi network and name it after the coffee shop you’re sitting in, or the hotel you’re staying at, so that you’d try to connect to it. After connecting to this wifi, you are not likely to notice that something’s not right.
However, at the same time, hackers may be able to observe your online traffic and steal personal information, such as passwords or conversations.
Visiting suspicious sites can increase the likelihood of getting your identity stolen.
For example, the internet is full of fake ecommerce websites that fraudsters can observe to get your most sensitive information – credit card numbers, names, addresses, etc. They can also access your usernames and passwords and use them for credential stuffing.
There are a few things to keep in mind when visiting a site, and judging whether it’s a safe one.
First of all, check the lock icon next to your address bar. If it’s locked, that means the website uses HTTPS and your connection is encrypted. No lock means get out of there quickly.
Social media occupies a huge part of our daily lives. It’s also the place where identity theft occurs.
We share a lot of information on social media that could be useful to fraudsters – ranging from the obvious, such as telephone numbers, email addresses, places of employment and the like, to the less obvious, such as your dog’s name (which can help someone answer that security question for reminding your email password).
In truth, fraudsters could use almost anything you share to add color to social engineering attacks targeting you (through the customer service at your bank, for example).
Discarded electronic devices
When getting rid of an old mobile phone, or laptop, you may leave personally identifiable information that criminals could use to steal your identity.
This applies to the documents you didn’t delete, passwords that your browser remembers, and even your holiday pictures. With this type of information, thieves can quickly identify a person and steal their identity.
Synthetic identity theft
Synthetic identity theft (SIT), also called synthetic identity fraud, refers to the creation of a fake identity using the PII of a real person.
When committing this type of crime, fraudsters combine both real and fake data to create a new identity. For example, a thief can use someone’s SSN and connect it with a phony address.
Finding a criminal behind synthetic identity fraud is hard, and sometimes impossible. With this fake identity, a thief can take a loan, and it won’t be possible to track the real identity.
More often than not, children become victims of synthetic identity fraud. They have an SSN, but usually do not have a bank account. Sadly, they may learn about their SSN being used only after turning 18, and trying to open a bank account.
What can identity theft lead to?
Recovering your identity after theft can take some time. On top of that, you will likely experience lasting problems, especially, financial ones.
- Legal issues
Once you’ve become a victim of identity theft, the criminals may continue committing crimes under your name, such as stealing money.
That means you’re going to face legal issues before the lawyers find out you didn’t commit the crimes.
- Stolen money
Losing money is one of the most common consequences of identity fraud. Whether during the process or afterward, trying to restore your taken identity.
One way you can lose money is by criminals getting your credit and bank information, and taking advantage of it by withdrawing money.
- Financial obligations in your name
When it comes to identity theft, one of the worst things that could happen to you is losing your Social Security Number (SSN).
Once the thieves get their hands on it, they can use your SSN to benefit financially, leaving you with unknown obligations.
For example, thieves can get a loan in your name, or take your tax refund. On top of that, they can take the money from your bank account or open a new account using your data.
The worst part is that more often than not, you will learn about it only after receiving a call from creditors asking you to pay off the debt you didn’t even know existed.
- Ruined credit rating
A ruined credit card rating is one of the worst things that can happen to you after your identity theft.
When your credit rating is low, creditors see you as a riskier client, offering you a higher interest rate.
With time, your credit rating will improve eventually, but it can be both time consuming and frustrating.
- Damaged reputation
Losing your identity can take a toll not only on your wallet, but also on your reputation.
For instance, if fraudsters are posting controversial content using your social media accounts, it can ruin your reputation both personally and professionally. Just imagine what a single negative post on your company could do if it gets noticed by your manager or coworkers.
- Psychological and health issues
Last but not least, losing your identity can harm your health and psychological well-being.
Legal, financial, and social problems can increase your stress levels, which can affect your whole body.
How to protect your identity online?
While the threat of falling prey to identity theft increases almost daily, there are things you can do to prevent it from happening.
- To avoid becoming a victim of a phishing email scam, double-check the URL addresses of links and the sender’s email address. If anything seems unconvincing, delete the email immediately.
- Invest in a high-quality VPN to protect your online activities. A VPN is vital, especially when connected to a public wifi network, as it helps you avoid man-in-the-middle attacks.
- When you’re done using your computer, turn it off.
- Take extra care of your passwords by investing in a password manager. Moreover, don’t use the same password on more than one account.
- Disable Bluetooth when you don’t need it.
- Be extra cautious about the software that you are installing on your computer.
- Use two-factor authentication to protect your accounts.
- Regularly check your credit card reports for suspicious activity.
- Keep your antivirus up to date.
- Share as little information about your personal life on social media as possible.
- Manage the privacy settings on your social media accounts.
- Be sure to delete all the files from your computer/mobile phone completely once you decide to get rid of it.
- Encrypt your USB flash drives.
How do you know you’ve been a victim of identity theft?
The following examples may indicate that you’ve suffered from identity theft:
- Receiving bills for medical services that you didn’t take
- Creditors asking you to pay the debt that you didn’t know existed
- You cards get refused at shops
- You stop receiving emails from your bank
- Your credit score gets affected in a negative way
What to do if you’ve become a victim of identity theft?
The good news is that recovering from identity theft is possible. The bad news is that it can take a long time – in some cases, even years.
After realizing that your identity was stolen, you should immediately take action to recover. The steps will differ depending on the details of the crime, but here are some possible action steps:
- File a police report
- Inform any companies and institutions that were affected by your stolen identity.
- Activate a fraud alert on your credit. With it, the verification of your identity in the future will have more steps to ensure it’s you who is using the credit card
- Freeze your credit card
- Get a password manager and change all your passwords that they are unique and impossible to break
These steps can help you restore your stolen identity, and prevent this from happening once more.